daviddyball · July 25, 2021 05:39 · daviddyball · Jan 27, 2015
diff --git a/IAM_Role.json b/IAM_Role.json
 {
  "Statement": [
    {
      "Sid": "EC2DescribeInstances",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeTags"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "S3BucketAccess",
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": [
        "arn:aws:s3:::my-configs",
        "arn:aws:s3:::my-configs/*"
      ]
    }
  ]
 }
diff --git a/user-data.txt b/user-data.txt
 #!/bin/bash
 # Name:         s3://my-configs/user-data.txt
 # Description:  Generic EC2 User-Data File 
 # Purpose:      Shim script to pull bootstrap script for the server based on the
 #               Role + Environment tags stored against the EC2 Instance
 #
 #               Tags Used: 
 #                 - Environment  = Runtime Environment for this server (live/staging/preview)
 #                 - Role         = The role for this particular server 
 #                                  (e.g. webserver, database, imaging)
 #

 # Ensure we have required tools
 /usr/bin/cloud-init-per once apt-update apt-get update
 /usr/bin/cloud-init-per once bootstrap-deps1 apt-get install python-pip jq -y
 /usr/bin/cloud-init-per once bootstrap-deps2 pip install awscli botocore boto

 # Gather metadata about instance (e.g. Role + Environment)
 INSTANCE_ID=$(ec2metadata --instance-id)
 REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document|grep region|awk -F\" '{print $4}')
 TAGS=$(aws ec2 describe-instances --instance-id $INSTANCE_ID --region $REGION --output text| grep TAGS)
 ROLE=$(echo "$TAGS" |grep Role |awk '{print $3}')
 ENVIRONMENT=$(echo "$TAGS" | grep Environment|awk '{print $3}')

 # Pull and run role-specific bootstrap script
 /usr/bin/cloud-init-per always bootstrap-pull aws s3 cp s3://my-configs/${ENVIRONMENT}/${ROLE}/bootstrap.sh /root/${ENVIRONMENT}_${ROLE}_bootstrap.sh
 /usr/bin/cloud-init-per always bootstrap-chmod chmod +x /root/${ENVIRONMENT}_${ROLE}_bootstrap.sh
 /usr/bin/cloud-init-per once bootstrap-run /root/${ENVIRONMENT}_${ROLE}_bootstrap.sh
	{
	"Statement": [
	{
	"Sid": "EC2DescribeInstances",
	"Effect": "Allow",
	"Action": [
	"ec2:DescribeInstances",
	"ec2:DescribeTags"
	],
	"Resource": [
	"*"
	]
	},
	{
	"Sid": "S3BucketAccess",
	"Effect": "Allow",
	"Action": [
	"s3:Get*",
	"s3:List*"
	],
	"Resource": [
	"arn:aws:s3:::my-configs",
	"arn:aws:s3:::my-configs/*"
	]
	}
	]
	}
	#!/bin/bash
	# Name: s3://my-configs/user-data.txt
	# Description: Generic EC2 User-Data File
	# Purpose: Shim script to pull bootstrap script for the server based on the
	# Role + Environment tags stored against the EC2 Instance
	#
	# Tags Used:
	# - Environment = Runtime Environment for this server (live/staging/preview)
	# - Role = The role for this particular server
	# (e.g. webserver, database, imaging)
	#

	# Ensure we have required tools
	/usr/bin/cloud-init-per once apt-update apt-get update
	/usr/bin/cloud-init-per once bootstrap-deps1 apt-get install python-pip jq -y
	/usr/bin/cloud-init-per once bootstrap-deps2 pip install awscli botocore boto

	# Gather metadata about instance (e.g. Role + Environment)
	INSTANCE_ID=$(ec2metadata --instance-id)
	REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document\|grep region\|awk -F\" '{print $4}')
	TAGS=$(aws ec2 describe-instances --instance-id $INSTANCE_ID --region $REGION --output text\| grep TAGS)
	ROLE=$(echo "$TAGS" \|grep Role \|awk '{print $3}')
	ENVIRONMENT=$(echo "$TAGS" \| grep Environment\|awk '{print $3}')

	# Pull and run role-specific bootstrap script
	/usr/bin/cloud-init-per always bootstrap-pull aws s3 cp s3://my-configs/${ENVIRONMENT}/${ROLE}/bootstrap.sh /root/${ENVIRONMENT}_${ROLE}_bootstrap.sh
	/usr/bin/cloud-init-per always bootstrap-chmod chmod +x /root/${ENVIRONMENT}_${ROLE}_bootstrap.sh
	/usr/bin/cloud-init-per once bootstrap-run /root/${ENVIRONMENT}_${ROLE}_bootstrap.sh